Using Google as a hacker attack principle _ security related

Source: Internet
Author: User
Tags php code php error php website
Technology world: Googlehacking is using Google's search engine to quickly find vulnerable hosts and information that contains sensitive data, a recent attack that was manually operated by hackers can be done automatically through a new worm. In order to arouse the attention and attention of the googlehacking, we have made this article in the hope that we can better protect our information security by understanding the attacking means of hack. This article focuses on the googlehacking attack means of understanding, the details of some attacks are not detailed please understand.

Objective:

At the Blackhat convention held in Las Vegas in 2004, two security experts were named you found and Google. And Google attacks's keynote address. After security Focus Forum original master Wlj elder brother Translation finishing, personal feel necessary to complement some details. Today, we are talking about another feature of Google: using search engines to quickly find hosts with vulnerabilities and information that contains sensitive data, and even a direct fool invasion.

Using Google for "penetration testing."

We penetrate testers today before the attack, often the first information collection work, and then the vulnerability and the final exploits to exploit, expand the results. Here's what we're going to talk about here:

First, the use of Google to find people have been installed PHP Webshell back door of the host, and test whether to use;
Second, use Google to find out about the exposure of the Inc sensitive information.
OK, now we start:

1. Find the use of PHP Webshell

We fill in the Google search box:

Code:
intitle: "php shell*" "Enable stderr" filetype:php

(Note: intitle-page title Enable Stderr-unix standard output and standard error abbreviated filetype-file type). In search results, you can find many web shells that execute commands directly on the machine. If you find the Phpshell will not use, if you are not familiar with UNIX, you can directly look at the list, here is not detailed, there are a lot of utilization value. To illustrate, we are here to search some foreign phpshell on the use of UNIX commands, are called by the system function (in fact, with Baidu and other search engines can be, just fill in the content of the search is different). Through my detection, this phpwebshell can be directly echo (Unix common command). In a word, the home page is buttoned up:

Code:
echo "Summon" > index.jsp

In getting the

Code:
echo \

And then write, "call."

Now look at the home page, has been changed by us: "Call"

We can also upload a file with wget (like the leaf you want to replace). Then execute command enters cat file > index.html or echo "" > File

echo "Test" >> file

Such a piece of play out, the site home was successfully replaced. The same can be

Code:
uname-a;cat/etc/passwd

However, a bit to note that some Webshell programs have problems, can not be implemented, such as:
Http://www.al3toof.com/card/smal; c_html&command=.
http://ramsgaard.net/upload/shell.php;

PHP for these stations is global register off

Solution:
We can use the relevant tools to conduct searches on the internet, if information is abused, http://www.google.com/remove.html; submit the information you wish to delete,
Control search engine robot query.

2. Search Inc Sensitive information

We fill in the Google search box:

Code:
. org filetype:inc

We are now searching for the org Domain site's inc information (because Google has blocked the search for "COM" information, we can also search for other gov,cn,info,tw,jp,edu and so on)

PS: I'm looking at many PHP programmers who like to write code or configuration information that is often written in a. inc file, such as Shared.inc, Global.inc, Conn.inc and so on, of course this is a good habit, including the official PHP website is so, but I do not know if you have noticed that there is a security problem.

I have one time in writing a PHP code, accidentally wrote a wrong word, when I look at this php file in the browser, unexpectedly found that the screen details of my error in the PHP file path and line of code. (PHP Error display configuration is open.) This feature is default in PHP!, which means that when we accidentally write the wrong code (same as the. inc file) or if the PHP code resolves the problem, and the PHP error appears open, the client user will see the. inc file for the specific URL address.

A. url file, like txt text, displays its contents without reservation when browsing in a browser, and many sites write important information such as user passwords in the. inc file. Including the domestic famous Haier company and Jia Ling Motorcycle Company, I dare to publish because I have tested http:/ /www.haier.com/su ***/inc/conn.inc out of the database ID password with the client not to go up, the site closed 1215, and the firewall also filtered out.

Well, after the Inc's knowledge, we went on to search a lot more, and we found a MySQL password that exposed
We can also use the client login to modify the data. Here is the knowledge of the database, and we don't talk too much about "Inc exposing sensitive information" to end it here.
Of course, we can solve this by some means:
1, you can configure the. inc file specifically to prevent users from getting the source files directly.
2, of course, the better way is to add and change the file name extension to. php (PHP can resolve the extension), so that the client will not get the source file.

Here, I will freemind the picture drawn by text.
For more information about Google Hack, help us analyze the casing
Connector characters:

Code:
+ - : . * |

Operator:

Code:
"Foo1 Foo2"
Filetype:123
Site:foo.com
Intext:foo
Intitle:footitle
Allinurl:foo

Password-related

Code:
: "Index of"
htpasswd/passwd
Filetype:xls Username Password Email
"Ws_ftp.log"
"Config.php"
Allinurl:admin mdb
Service Filetype:pwd (FrontPage)

Sensitive information:

Code:
"Robots.tx"
"Disallow:"
Filetype:txt
INURL:_VTI_CNF (FrontPage files)
Allinurl:/msadc/samples/selector/showcode.asp
allinurl:/examples/jsp/snp/snoop.jsp
Allinurl:phpsysinfo
IPSec filetype:conf
Intitle: "Error occurred" ODBC request where (Select|insert)
"MyDomain.com" Nessus
"Generated by"

End:

If you want to take root permissions to specific issues specific analysis, but with the shell authority to mention, the Internet has a lot of webshell to improve the rights of the article you can refer to.

Through Google we can also search for a lot of useful things, but the details of the information collected through the slow analysis, expansion, intrusion.
I do not specifically analyze these. Give everyone a thought, we slowly study well.

Here, this article is coming to an end, the purpose of this article is to arouse the attention and attention of the people, to understand the new hack means, to understand the new methods of protection, things have two sides, in today's popular Google era, in the full use of Google at the same time. It should be seen more comprehensively.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.